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Abstract 



Termination is an important and well-studied property for logic programs. However, al- 
most all approaches for automated termination analysis focus on definite logic programs, 
^b ■ whereas real-world Prolog programs typically use the cut operator. We introduce a novel 

pre-processing method which automatically transforms Prolog programs into logic pro- 
grams without cuts, where termination of the cut-free program implies termination of 
the original program. Hence after this pre-processing, any technique for proving termina- 
tion of definite logic programs can be applied. We implemented this pre-processing in our 
termination prover AProVE and evaluated it successfully with extensive experiments. 
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1 Introduction 

Automated termination analysis for logic programs has been widely studied, see 
e.g., dBruynooghe et al. 2007| ICodish et al. 2005| |De Schreye and Decorte 1994 



IMesnard and Serebrenik 2007| [Nguyen et al. 2010| |Schneider-Kamp et al. 2009 



[Serebrenik and De Schreye 2005[ ). Still, virtually all existing techniques only prove 
universal termination of definite logic programs, which do not use the cut "!" . An 
exception is (jMarchiori 1996| . which transforms "safely typed" logic programs to 
term rewrite systems (TRSs). However, the resulting TRSs are complex and since 
there is no implementation of (jMarchiori 1996p . it is unclear whether they can be 
handled by existing TRS termination tools. Moreover, (jMarchiori 1996| 's method 

* Supported by the Deutsche Forschungsgemeinschaft (DFG) under grant GI 274/5-2, the DFG 
Research Training Group 1298 (AlgoSyn), and the Danish Natural Science Research Council. 
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does not allow arbitrary cuts (e.g., it does not operate on programs like Ex. [T]). 

In the present paper, we introduce a novel approach which shows that universal 
termination of logic programs with cuts can indeed be proved automatically for 
(typically infinite) classes of queries. This solves an important open problem in 
automated termination analysis of logic programs. 

Example 1 

We want to prove termination of the following program for the class of queries 
{div(ii,t2,t3) \ti,t2 are ground}. Since we only regard programs without pre-defined 
predicates, the program contains clauses defining predicates for failure and equality. 
So the atom failure(a) always fails and corresponds to Prolog's pre-defined "fail". 



div{X,0,Z) ^ !,failure(a). (1) 


eq(X,X). 


(5) 


div(0, Y,Z) ^ !,eq(Z,0). (2) 


sub(0,y,0). 


(6) 


div(X,y,s(Z)) ^ suh{X,Y,U),d\y{U,Y,Z). (3) 


sub(X,0,X). 


(7) 


failure(b). (4) 


sub(s(X),s(y),Z) 


^ sub(X,y,Z). (8) 



Any termination analyzer that ignores the cut fails, as div(0, 0, Z) would lead to 
the subtraction of and start an infinite derivation using Clause ([3]). So due to the 
cut, (universal) termination effectively depends on the order of the clauses. 

There are already several static analysis techniques for logic programming with 
cut, e.g., (jFile and Rossi 19"93J|Mogensen 19961 ), which are based on abstract inter- 
pretation (jCousot and Cousot 1992|ILe Charlier et al. 1994|rSpoto and Levi 1998[ ). 
However, these works do not capture termination as an observable and none of these 
results targets termination analysis explicitly. While we also rely on the idea of ab- 
straction, our approach does not operate directly on the abstraction. Instead, we 
synthesize a cut-free logic program from the abstraction, such that termination of 
the derived program implies termination of the original one. Thus, we can benefit 
from the large body of existing work on termination analysis for cut- free programs. 
Our approach is inspired by our previous successful technique for termination anal- 
ysis of Haskell programs (jGiesl et al. 2006]) . which in turn was inspired by related 
approaches to program optimization ( |S0rensen and Gliick 19951 ). 

In Sect. 1^1 we introduce the required notions and present a set of simple inference 
rules that characterize logic programming with cut for concrete queries. In Sect. [3] 
we extend these inference rules to handle classes of queries. Using these rules we can 
automatically build so-called termination graphs, cf. Sect. SI Then, Sect. [51 shows 
how to generate a new cut-free logic program from such a graph automatically. 

Of course, one can transform any Turing-complete formalism like logic program- 
ming with cuts into another Turing-complete formalism like cut-free logic program- 
ming. But the challenge is to develop a transformation such that termination of 
the resulting programs is easy to analyze by existing termination tools. Our imple- 
mentation and extensive experiments in Sect. I6l show that with our approach, the 
resulting cut-free program is usually easy to handle by existing tools. 

2 Concrete Derivations 

See e.g. ( |Apt 1997| for the basics of logic programming. We distinguish between 
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individual cuts to make their scope explicit. So a signature E contains all predicate 
and function symbols and all labeled versions of the cut {Im/Q \ m S N}. For 
simplicity we just consider terms 7~(S, V) and no atoms, i.e., we do not distinguish 
between predicate and function symbols. To ease the presentation, in the paper we 
exclude terms with cuts Im as proper subterms. A clause is a pair H ^ B where 
the head H is from T(S, V) and the body B is a sequence of terms from T(S, V). 
Let Goal{Y.,V) be the set of all such sequences, where D is the empty goal. 

A program V (possibly with cut) is a finite sequence of clauses. SliceiV., t) are all 
clauses for t's predicate, i.e., SUce{P,p(ti, ...,tn)) = {c | c = "p(si, ..., Sn) •(— B" e V}. 

A substitution cr is a function V — > T(S, V) and we often denote its application 
to a term t by ta instead of a{t). As usual, Dom{a) ~ {X \ Xa ^ X} and 
Range{a) = {Xa \ X 6 Dom{u)}. The restriction of ct to V C VisCT|v'(-'^) = (j(X) 
\i X £ V', and a\yi{X) = X otherwise. A substitution a is the most general unifier 
(mgu) of s and t iff sa = ta and, whenever 57 = t^ for some 7, there exists a S such 
that X^ = Xa5 for all X G V(s) U V{t). If s and t have no mgu, we write s ^ t. 
Finally, to denote the term resulting from replacing all occurrences of a function 
symbol / in a term t by another function symbol 5, we write t[f/g]. 

Now we recapitulate the operational semantics of logic programming with cut. 
Compared to other formulations like ([Andrews 20031 IBillaud 1990l Ide Vink 19891 
IKulas and Beierle 20001 [Spoto 20"00l ), the advantage of our formalization is that 
it is particularly suitable for an extension to classes of queries in Sect. [3] and 
m and for synthesizing cut-free programs in Sect. [5] A formal proof on the cor- 
respondence of our inference rules to the semantics of the Prolog ISO standard 
(jDeransart et al. 1996^ can be found in (jStroder 2010p . 

Our semantics is given by 7 inference rules. They operate on states which repre- 
sent the current goal, and also the backtrack information that is needed to describe 
the effect of cuts. The backtrack information is given by a sequence of goals which 
are optionally labeled by the program clause that has to be applied to the goal 
next. Moreover, our states also contain explicit marks for the scope of a cut. 

Definition 1 {Concrete State) 

A concrete state is a sequence of elements from Goal{T.,V) U {Goal{Y,,V) x N x N) U 

{?n I n e N}, where elements are separated by "|" . State{T,, V) is the set of all states. 

So an element of a state can be Q G Goali^E^V); or a labeled goal Ql^ G 
Goal{T,, V) X N X N representing that we must apply the «-th program clause to Q 
next, where m determines how a cut introduced by the i-th clause will be labeled; 
or ?,„. Here, ?m serves as a marker to denote the end of the scope of cuts !,„ labeled 
with 771. Whenever a cut !,„ is reached, all elements preceding ?,„ are discarded. 

Now we express derivations in logic programming with cut by seven rules. Here, 
S and S' are concrete states and the goal Q may also be D (then "i, Q" is t). 

Definition 2 {Semantics with Concrete Inference Rules) 

n I Q vlf lOIS'l?!';'' where 1 n I <? where 

^1± (Sue) ^^^ (FAIL) •'"'^^';'",''^ (Cut) S . con- — ^1^ (Cut) S . eon- 

5 ^ ^ 5 ^ ^ Q ?,y^ S' ^ ' tains g ^ > tains 

no ?m no ?m 
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(Case) 



where 

— (Eval) '^'^u'u\^'' 

Ba,Qa\ S ' mgu{t,H,)^a, 



where t is neither a cut nor a variable, m 
is greater than all previous marks, and 
Slice{P,t) — {cij, . . . , Ci^} with ii < 
. . . < ik 

S where 

— (Backtrack) q = iJi •(— Bi 
and t '^ Hi. 



s 



The Sue rule is applicable if the first goal of our sequence could be proved. As 
we handle universal termination, we then have to backtrack to the next goal in the 
sequence. Fail means that for the current m-th case analysis, there are no further 
backtracking possibilities. But the whole derivation does not have to fail, since the 
state S may still contain further alternative goals which have to be examined. 

To make the backtracking possibilities explicit, the resolution of a program clause 
with the first atom t of the current goal is split into two operations. The Case 
analysis determines which clauses could be applied to t by slicing the program 
according to t's root symbol. It replaces the current goal (t, Q) by a goal labeled 
with the index ii of the first such clause and adds copies of {t, Q) labeled by 
the indices i2T--,ik of the other potentially applicable clauses as backtracking 
possibilities. Note that here, the top-down clause selection rule is taken into account. 
Additionally, these goals are labeled by a fresh mark m gN that is greater than all 
previous marks, and ?,„ is added at the end of the new backtracking goals to denote 
the scope of cuts. For instance, con- 
sider the program of Ex. [T] and the 
query div(0, 0,Z). Here, we obtain 
the sequence depicted at the side. 
The Case rule results in a state 
which represents a case analysis 
where we first try to apply the first 
div-clause ([1]). When backtracking later on, we use clauses ([2]) and ([3]). 

For a goal {t, Q)ln, if t unifies with the head Hi of the corresponding clause, we 
apply Eval. This rule replaces t by the body Bi of the clause and applies the mgu 
a to the result. When depicting rule applications as trees, the corresponding edge is 
labeled with cr|y(j). All cuts occurring in Bi are labeled with m. The reason is that 
if one reaches such a cut, then all further alternative goals up to ?m are discarded. 

If t does not unify with Hi, we apply the Backtrack rule. Then, Clause i cannot 
be used and we just backtrack to the next possibility in our backtracking sequence. 

Finally, there are two Cut rules. The first rule removes all backtracking infor- 
mation on the level m where the cut was introduced. Since the explicit scope is 
represented by Im and ?m, we have turned the cut into a local operation depending 
solely on the current state. Note that ?m must not be deleted as the current goal 
Q could still lead to another cut !„. The second Cut rule is used if ?„ is missing 
(e.g., if a cut !„ is already in the initial query). Later on, such states can also result 
from the additional Parallel inference rule which will be introduced in Sect. S) 
We treat such states as if ?m were added at the end of the backtracking sequence. 

Note that these rules do not overlap, i.e., there is at most one rule that can be 
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applied to any state. The only case where no rule is applicable is when the state is 
the empty sequence (denoted s) or when the first goal starts with a variable. 

The rules of Def. [2] define the semantics of logic programs with cut using states. 
They can also be used to define the semantics using derivations between goals: 
there is a derivation from the goal Q to Q' in the program V (denoted Q hp g Q') 
iff repeated application of our rules can transform the state^ Q to a state of the 
form Q I 5 for some S, and Q' results from Q by removing all labels. Moreover, 
9 = 0102 ■■ -On where 0i, . . . ,0n are the mgu's used in those applications of the 
EvAL rule that led to Q . We call 0\v(q) the corresponding answer substitution. If 
is not of interest, we write hp instead of \~-p,0- 

Consequently, our inference rules can be used for termination proofs: If there is an 
infinite derivation (w.r.t. hp) starting in some goal Q, then there is also an infinite 
sequence of inference rule applications starting in the state Q, i.e., Q is a "non- 
terminating state". Note that we distinguish derivations in logic programming (i.e., 
Q \--p Q' for goals Q and Q') from sequences of states that result from application 
of the inference rules in Def. [2j If a state S can be transformed into a state 5" by 
such an inference rule, we speak of a " state- derivation^\ 

3 Abstract Derivations 

To represent classes of queries, we introduce abstract terms and a set A of abstract 
variables, where each T G A represents a fixed but arbitrary term. Af consists of 
all "ordinary" variables in logic programming. Then, as abstract terms we consider 
all terms from the set T(S, V) where V — Af ^ A. Concrete terms are terms from 
T(E,A/'), i.e., terms containing no abstract variables. For any set V' C V, let V"(i) 
be the variables from V' occurring in the term t. 

To determine by which terms an abstract variable may be instantiated, we add 
a knowledge base KB = [QM) to each state, where Q '^ A and U C T(S,V) x 
^(S, V). The variables in Q may only be instantiated by ground terms. And (s, s') G 
lA means that we are restricted to instantiations 7 of the abstract variables where 
57 7^ s'7, i.e., s and s' may not become unifiable when instantiating them with 7. 

Definition 3 {Abstract State) 

The set of abstract states AState{Yi,N , A) is a set of pairs (5; KB) of a concrete 

state S G State{Yi,J\f yj A) and a knowledge base KB. 

A substitution 7 is a concretization of an abstract state if it respects the knowl- 
edge base {Q,U). So first, 7 instantiates all abstract variables, i.e., Dom{'y) ~ A. 
Second, when applying 7, the resulting term must be concrete, i.e., V{Range{'j)) C 
Af. Third, abstract variables from Q may only be replaced by ground terms, i.e., 
V{Range{-j\g)) = 0. Fourth, for all pairs (s, s') G U, 57 and s'7 must not unify. 

Definition 4 {Concretization) 

A substitution 7 is a concretization w.r.t. {Q,U) iff Dom{j) — A, V{Range{'y)) C 

TV, V{Range{'j\g)) — 0, and 57 ^ s'7 for all (s, s') G U. The set of concretizations of 

^ If Q contains cuts, then the inference rules have to be applied to Q[!/!i] instead of Q. 
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an abstract state {S\ KB) is Con{S; KB) = {57 | 7 is a concretization w.r.t. KB}. 

Example 2 

Consider the abstract state which consists of the single goal sub(ri, T2, T3) and the 
knowledge base ({Ti, Tz}, {(Ti, Tg)}), with T, e ^ for ah i. So here Q = {Ti, Ta} and 
14 only contains (Ti, T3). This represents all concrete states sub(ii, ^2, ^3) where ii, ^2 
are ground terms and where ii and t^ do not unify, i.e., ^3 does not match ti. For ex- 
ample, sub(0, 0, Z) is not represented as and Z unify. In contrast, sub(s(0), s(0), 0) 
and sub(0, 0,s(0)) are represented. Note that sub(s(0),s(0), 0) can be reduced to 
sub(0,0, 0) using Clause ^ from Ex. [TJ But Clause ([8)) cannot be applied to all 
concretizations. For example, the concrete state sub(0, 0,s(0)) is also represented 
by our abstract state, but here no clause is applicable. 

Ex. [2] demonstrates that we need to adapt our inference rules to reflect that 
sometimes a clause can be applied only for some concretizations of the abstract 
variables, and to exploit the information from the knowledge base of the abstract 
state. We now adapt our inference rules to abstract states that represent sets of 
concrete states. The invariant of our rules is that all states represented by the parent 
node are terminating if all the states represented by its children are terminating. 

Definition 5 (Sound Rules) 

An abstract state is called terminating iff all its concretizations are terminating. 
A rule p : AState{i:,J\r,A) -^ 2^^*''*'=(^'^^-^) is sound if {S;KB) is terminating 
whenever all (5'; KB') G p{S; KB) are terminating. 

The rules Sue, Fail, Cut, and Case do not change the knowledge base and are, 
thus, straightforward to adapt. Here, S \ S'; KB stands for {{S \ S'); KB). 

Definition 6 {Abstract Inference Rules - Part 1 (SvC, FAIL, CuT, CaseJ) 

n\S\KB ?„ I 5; KB 

—— (Sue) ^^^^ (Fail) 

S;KB S-KB 

!,„, Q \S\?^\S'; KB where S !», Q I S; KB ^here S 

t O \ S' KB where t is neither a cut nor a vari- 

' ^ ' ' (Case) able, m is greater than all pre- 



{t,Qy„\\ ...\{t,Q)'^\7rn\S;KB vious marks, and Slice{r,t) 

{cii,...,CiJ with ii < ... <ik 

In Def. m we determined which of the rules EvAL and Backtrack to apply by 
trying to unify the first atom t with the head Hi of the corresponding clause. But 
as demonstrated by Ex. [51 in the abstract case we might need to apply EvAL for 
some concretizations and Backtrack for others. Backtrack can be used for all 
concretizations if t does not unify with Hi or if their mgu contradicts lA. This gives 
rise to the abstract Backtrack rule in the following definition. When the abstract 
Backtrack rule is not applicable, we still cannot be sure that ^7 unifies with Hi 
for all concretizations 7. Thus, we have an abstract EVAL rule with two successor 
states that combines both the concrete EVAL and the concrete Backtrack rule. 
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Definition 7 {Abstract Inference Rules - Part 2 ('BACKTRACK, EvALJ) 



{t,Q)]^\S-KB 
S-KB 



(Backtrack 



where Ci = Hi ■(— Bi and there is no con- 
cretization 7 w.r.t. KB such that ^7 ~ Hi. 



S;{g,U) 



(Eval) 



Bla,Q<j\Sa\g;{g\Ua\g) S; {G^U U {{t,H^)}) 
where Ci — Hi <— Bi and mgu{t,Hi) — a. W.l.o.g., V{a{X)) only contains fresh 
abstract variables for all X G V. Moreover, Q' = A{Range{a\g)) and B'i = Bi[\/lm]- 

In EvAL, w.l.o.g. we assume that mgu{t, Hi) renames all variables to fresh ab- 
stract variables. This is needed to handle "sharing" effects correctly, i.e., to handle 
concretizations which introduce multiple occurrences of (concrete) variables, cf. 



( Schneider-Kamp et al. 20101. The knowledge base is updated differently for the 
successors corresponding to the concrete EvAL and Backtrack rule. For all con- 
cretizations corresponding to the second successor of EvAL, the concretization of t 
does not unify with Hi. Hence, here we add the pair {t,Hi) to the set 14. 

Now consider concretizations 7 where t^ and Hi unify, i.e., concretizations 7 
corresponding to the first successor of the EVAL rule. Then for any T ^ Q, T-f is a 
ground instance of Ta. Hence, we replace all T G ^ by Ta, i.e., we apply a\g to U 
and S. Now the new set Q' of abstract variables that may only be instantiated by 
ground terms is A{Range{a\g)) . As before, t is replaced by the instantiated clause 
body Bi where we label cuts with the number m of the current Case analysis. 

Now any concrete derivation with the rules from Def. [2] can also be simulated 
with the abstract rules from Def. |6] and [T] But unfortunately, even for terminat- 
ing goals, in general these rules yield an infinite tree. The reason is that there is 
no bound on the size of terms represented by the abstract variables and hence, 
the abstract EvAL rule can be 
applied infinitely often. 

Example 3 

Consider the 1-rulc program 

p(s(X)) ^ p(X). (9) 

For queries of the form p(i) 
where t is ground, the program 
terminates. However, the tree 
built using the abstract infer- 
ence rules is obviously infinite. 





P(Tl)i({Ti},0) 








Case 






p(T'iJil|'?i;({Ti},0) 




Tx/<.{T2) 


EVAL 






P(T2) l?l!({T2},0) 




?i;({Ti},{(p(Ti),p(s(X)))}) 






Case 


Fail 




P(T2J11|?2 l?i;({T2},2') 




e;C{T'l},{(p(Ti),p(s{X)))}) 




T'2/s(T3)J_EVAL 




EVAL 




P(T3) l?2 l?i;({T3},0) 




?2 l?i;({T2},{(p(T2),p{s(X)))}) 




J 


Case 








|fa,l 





4 Prom Trees to Graphs 

To obtain a finite graph instead of an infinite tree, we now introduce an additional 
Instance rule which allows us to connect the current state {S\ KB) with a previ- 
ous state (5"; KB'), provided that the current state is an instance of the previous 
state. In other words, every concretization of [S] KB) must be a concretization of 
(5"; KB'). Still, Instance is often not enough to obtain a finite graph. 
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Example 4 

We extend Ex. [3] by the following additional fact. 

p{X). 



(10) 



For queries p(t) where t is ground, the program still terminates. If we start with 
(p(Ti); {{Ti},0)), then the Case rule results in the state {p{Ti^ \ p(Ti|p | ?i; 
({Ti}, 0)) and the EvAL rule produces two new states, one of them being (p(T2) | 
p(s(T2)ip|?i;({T2},0)). 

To simplify states, from now on we will eliminate so-called non-active marks ?m 
which occur as first or as last element in states. Eliminating ?„ from the beginning 
of a state is possible, as Fail would also remove such a ?„. Eliminating ?„ from 
the end of a state is possible, as applying the first Cut rule to a state ending in ?„ 
is equivalent to applying the second Cut rule to the same state without ?„. 

We will also reduce the knowledge base to just those abstract variables that 
occur in the state and remove pairs {s,s') from U where s 7^ s'. Still, (p(T2) | 
p{s{T2)j^,i{T2},0)) is not an 
instance of the previous state 
(p(Ti); ({Ti}, 0)) due to the ad- 
ded backtrack goal p(s(T2)jp. 
Therefore, we now introduce a 
Parallel rule that allows us 
to split a backtracking sequence 
into separate problems. Now we 
obtain the graph on the right. 



,-> 


P(T'l);({T'l},>3) 




/ 
/ 






Case 










P(TlJ|l|p{TiJiH({Ti},0) 


Parallel 


P(Tiip({Ti},ZI) 






Ins 


rANCE 




Parallel 






T1/T2 


/eval 


EVAL 






p{riJH({Ti},0) 




□ ; (0, 0) 




e; (21, Z) 
















\ 
\ 


Ti/s(T2) 


EVAL ^N^ 


:;val 




\ 




s 


p(r2);({T2},ef) 


e; (0, 0) 




e; (0, 0) 





Clearly, Parallel may transform terminating into non-terminating states. But 
without further conditions. Parallel is not only "incomplete" , but also unsound. 



Consider a state ( !2 



?2 I p; (0, 0)) for the program p ^ p. The state is not 



terminating, as !i is not reachable. Thus, one eventually evaluates p. But if one 
splits the state into (!2; (0,0)) and (!i |?2 | p; (0,0)), both new states terminate. 
To solve this problem, in addition to the "active marks" (cf. Ex. 4) we introduce 
the notion of active cuts. The active cuts of a state S are those ttt, 6 N where !„ 
occurs in S or where !,„ can be introduced by EvAL applied to a labeled goal {t, g)*„ 
occurring in S. Now the Parallel rule may only split a backtracking sequence into 
two parts S and S' if the active cuts of S and the active marks of S' are disjoint. 

Definition 8 {Abstract Inference Rules - Part 3 ('INSTANCE, PARALLEL^) 






(Instance) 



if there is a /i such that S — S' fi^ fi\^f is a variable 
renaming, V(T^) C g for all T £ G' , and U'fi C U. 



S I S"; KB 



S-KB 



S':KB 



(Parallel) if AC{S) n AM{S') 



The active cuts AC{S) are all m where !„ is in S or {t, g)5„ is in S and c^'s body has 
a cut. The active marks AM{S) are all m where S = S' \7^\ S" and S' ^ e, S" ^ e. 
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Example 5 

However, there are still examples where the graph 

cannot be "closed" . Consider the program 

p(s(X))^p(X),q. (11) q. (12) 

For queries p(i) where t is ground, the program 
again terminates. With Del. |6l[7l and HI we obtain 
the infinite tree on the right. It never encounters 
an instance of a previous state, since each resolu- 
tion with Clause (jlip adds a q to the goal. 

Thus, we introduce a final abstract Split rule 
to split a state {t, Q; KB) into {t; KB) and a state 
{Q^i]KB ), where /x approximates the answer substitutions for t. The edge from 
(t, Q\ KB) to (Q/i; KB') is labeled with /i|v(t)uv(Q)- To simplify the Split rule, we 
only define it for backtracking sequences of one element. To obtain such a sequence, 
we can use the Parallel rule. 



, 


Case 


EVAL 




P(T2Jiilq;({T'2},J2I) 




1-2/5(1-3) EVAL ^^ 




P(T3),q,q;({r3},ZI) 


e; (J3, Z) 



1 



Definition 9 [Abstract Inference Rules - Part 4 ('Split^) 



t,Q\{Q,U) 



t;{g,U) Qfi;{g\Ufi) 



where /i replaces all variables from V\g 
(Split) by fresh abstract variables and G' = GU 
ApproxGnd{t, /i). 



Here, ApproxGnd is defined as follows. We assume that we have a groundness 
analysis function Ground-p : S x 2^ — !• 2^*^, see, e.g., ( [Howe and King 2003[ ). lip 
is an n-ary predicate, {ii,...,«m} ^ {lj---:'«-}7 and Ground-p{p,{ii, ■ ■ ■ Tim\) = 
{ji, . . . , jfc}, then any successful derivation p{ti, . . . , t„) h^ ^ D where ti^, . . . , ti^ 
are ground will lead to an answer substitution 9 such that tj-^^6, . . . ,tj^9 are ground. 
So Ground-p approximates which positions of p will become ground if the "input" 
positions zi, . . . , i^ are ground. Now if i = p(ii, . . . , in) is an abstract term where 
tij , . . . , ti^ are ground in every concretization (i.e., all their variables are from G)^ 
then ApproxGnd{t, fi) returns the /i-renamings of all abstract variables that will 
be ground in every successful derivation starting from a concretization of t. Thus, 
ApproxGndit, /i) contains the abstract variables of ijj/i, . . . , tj^fx. So formally 

ApproxGnd{p{ti, . . . ,i„),//) = {^(^jM) I J ^ Groundp{p, {i \ V(<i) C G})} 

Example 6 

To illustrate Def. IHl regard the program of Ex. [1] and the state (sub(T5, Tgi ^g), 
div(T8,r6,77);({T5,r6},Z^)) with T5,Te,T7,Ts G A. (This state wih occur in the 
termination proof of div, cf. Ex. [T]) We have G — {T5,r6} and hence if sub(ti,i2,i3) 
is sub(T5,T6,T8), then Ground-p (sub, {i | V{ti) C G}) = Ground-p(sub, {1,2}) = 
{1,2,3}. In other words, if the first two arguments of sub are ground and the 
derivation is successful, then the answer substitution also instantiates the third ar- 
gument to a ground term. Since fi only renames variables outside oi G, we have /i = 
{Tj/Tq,Ts/Tw}. So ApproxGnd{sub{T5,Te,T8), fi) = {A{tifi),A{t2fi),A{t3fi)} = 
{TQfj,,Tefi,Tsfi} = {r5,r6,Tio}. So the Split rule transforms the current state 
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-> p(Ti);({Ti},ef) 








Case 










P(TlJpl({Ti},0) 


EVAL 


e; {Z, 0) 










E Ti/s(T2) EVAL 










P(r2),q;({T2},0) 


Split 


q;(2>,J2r) 






id'' 






Split 




Case 






p(r2);({T2},ef) 




^(.0,0) 












id Eval" 


EVAL 




e;(ef,2>) 


t 


D; (0, JZr) 


e;(ef,2I) 



to (sub(T5,T6,r8);({T5,T6},W)) and 
(div(Tio,T6,T9); ({T5,T6,Tio}, Z^A^)) 
where one can eliminate T5 from the ' 
new groundness set Q' . ^ 

With the additional Split rule, we | ' 
can always obtain finite graphs in- ', 
stead of infinite trees. (This will be 
proved in Thm. [2]) Thus, no further 
rules are needed. As depicted on the 
right, now we can also close the graph 
for Ex. 5's program. 

Thm. [1] proves the soundness of all our abstract inference rules. In other words, 
if all children of a node are terminating, then the node is terminating as well. 

Theorem 1 {Soundness of the Abstract Inference Rules) 
The inference rules from Def. El [3 O and [9] are sound. ^ 

5 From Termination Graphs to Logic Programs 

Now we introduce termination graphs as a subclass of the graphs obtained by Def. |6l 
[71 m ini Then we show how to extract cut-free programs from termination graphs. 

Definition 10 {Termination Graph) 

A finite graph built from an initial state (5*; KB) using Def. [6l [71 [H and [9] is a 
termination graph iff there is no cycle consisting only of Instance edges and all 
leaves are of the form (e; KB') or {X, Q | S; KB') with X G V. If there are no leaves 
of the form (X, Q \ S; KB'), then the graph is ^^ proper" . 

We want to generate clauses for the loops in the termination graph and show their 
termination. Thus, there should be no cycles consisting only of Instance edges, as 
they would lead to trivially non-terminating clauses. Moreover, the only leaves may 
be nodes where no inference rule is applicable anymore (i.e., the graph must be 
"fully expanded"). For example, the graph at the end of Sect. [4] is a termination 
graph. Thm. [2]shows that termination graphs can always be obtained automatically. 

Theorem 2 {Existence of Termination Graphs) 

For any program V and abstract state {S; KB), there exists a termination graph. 

Example 7 

For the program from Ex. [1] we obtain the termination graph below. Here, U = 
{(div(r5,T6,T3),div(A:,0,Z)),(div(T5,r6,T3),div(0,r,Z))} results from exploiting 
the cuts. U implies that neither Tg nor T5 unify with 0. Thus, only Clause ([8]) is 
applicable to evaluate the state in Node D. This is crucial for termination, because 
in D, sub's result Tg is always smaller than sub's input argument T5 and therefore, 
div's first argument in Node C is smaller than div's first argument in Node A. 
Remember that our goal is to show termination of the graph's initial state. Since 



For all proofs, we refer to ||Schneider-Kainp et al. 2010[|. 
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the graph only has leaves {e; KB) that are clearly terminating, by soundness of the 
inference rules, it remains to prove that there is no state-derivation corresponding 
to an infinite traversal of the cycles in the graph. So in our example, we have to 
show that the Instance edges for div and sub cannot be traversed infinitely often. 



div(Ti,T2,T3)i({Ti,T2},J3) 



^-. 



«(Ti , T2 , Tall] I div(Ti , T2 , Talfl I div(Ti , T2 , Tgl^ ({Tj , T2}, 0) 



T"i/r4,r2/o. T3/T5 



ll.fail I div(T4,0, TaJfll di»(T4,0,T3lH 



div(Ti , T2 , T3 J|l I div(Ti , T2 , TaJH 

C{Ti, T2}, {(di»(Ti, T2, T3), divCX, 0, Z))}) 



Ti/0,T2/T4,T3/T5 



fail; (J3, 0) 



e; (ja, 0) 



!l,eq(T5,0) | di»(0, T4, T3jp 

({T4}, {(div/(0, T4, T3), div(JC, 0, Z))}) 




5: 



div(Ti , T2 , T3Jp ({Ti , T2 }, {(di»(Ti , T2 , T3), 
div(X, 0, Z)), (div(Ti, T2, T3), div(0, 1-, Z))}) 



eq(T5,0)i (0, 0) 



Ts/O 



eq(T5,oJp(0,0) 

/ \ EVAl 
1^ EVAL V 



□ ; (0, 0) 




e; (0, 0) 



b(T5, Te, Tgjfl sub(T5, Tji, TgJIl I subtTg , Tj, , Tg JH ({T5, Te},M) 



e; (0, 0) 



iub(T5 , Tg , TgJIl I subfTs , Tg, TgJH {{T5 , Tg}, M) 



Backtrack 
> 



•''b(T9,Tio,TiiJH({Tg,Tio},0) 



D; (0, 0) 



e; (0, 0) 




TB/s(T9),Te/s(Tio),Ts/Tii 



ib(T5, Te, TgJH ({T5, Tg}, W) 
\ EVAL 



EvAL y^ ^^FjvAL Parallels 



sub(T9,Tio,Tii)i({Tg,Tio},0) f 



e; (0, 0) 



i"b(T9, Tio, Til J|l I sub(T9, Tio, Til Jp I s"b(T9, Tiq, TnJp ({T9, Tiq}, 0) 

I PARALLEL 



e; (0, 0) 



iubCTg , Tio , Til j|l I ^bCTg , Tiq , Tn Jp ({T9 , Tiq } , 0) 




Tg/Ti2,Tio/0 
3"ll/Ti2 ,/ EVAL 



We now synthesize a cut-free program from the termination graph. This program 
has the following property: if there is a state-derivation from a concretization of one 
state to a concretization of another state which may be crucial for non-termination, 
then there is a corresponding derivation in the obtained cut-free program. 

More precisely, we build clauses for all clause paths. For a termination graph 
G, let Instance(G') denote all nodes of G to which the rule Instance has been 
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applied (i.e., C and H in our example). The sets Split(G) and Suc(G) are defined 
analogously. For any node n, let Succ{i, n) denote the i-th child of n. Clause paths 
are paths in the graph that start in the root node, in the successor node of an 
Instance node, or in the left child of a Split node and that end in a Sue or 
Instance node or in the left child of an Instance or Split node. 

Definition 11 {Clause Path) 

A path TT = rii . . . rife in G is a clause path iff fc > 1 and 

• ni e Succ{l, Instance(G) U Split(G)) or m is the root of G, 

• nfe e Suc(G) U Instance(G) U 5wcc(1, Instance(G) U Split(G)), 

• for all 1 < j < fc, we have n^ ^ Instance(G), and 

• for all 1 < j < fc, we have n^ ^ 5ucc(l, Instance(G) U Split(G)). 

Since we only want finitely many clause paths, they may not traverse Instance 
edges. Clause paths may also not follow left successors of Instance or Split. 
Instead, we create new clause paths starting at these nodes. In our example, we 
have clause paths from A to B, A to C, A to D, D to E, E to F, E to G, and E to H. 

To obtain a cut-free logic program, we construct one clause for each clause path 
■K — ni ... rife. The head of the new clause corresponds to ui where we apply the 
relevant substitutions between ni and n^. The last body atom corresponds to n^. 
The intermediate body atoms correspond to those nodes that are left children of 
those Ui which are from Split(G). Note that we apply the relevant substitutions 
between Ui and Uk to the respective intermediate body atom as well. 

In our example, the path from A to B is labeled by the substitution a ~ {Ti/O, 
T2/TA, T3/O, T5/O}. Hence, we obtain the fact divA(ri,T2,r3)CT = divA(0,r4,0). We 
always use a new predicate symbol when translating a node into an atom of a new 
clause (i.e., divA is fresh). Instance nodes are the only exception. There, we use 
the same predicate symbol both for the Instance node and its successor. 

For the path from A to C, we have the substitution a' = {Ti/Ts, T2/TQ, T^/siTg), 
T-j/Tq, Tg/Tio}. Right children of Split nodes can only be reached if the goal 
in the left SPLiT-child was successful. So s\ih{T^^T(,,T^)a' must be derived to 
D before the derivation can continue with div. Thus, we obtain the new clause 
divA(T'5,T6,s(T9)) ^ subD(T5,r6,Tio),divA(rio,T6,T9). Note that we used the same 
symbol divA for both occurrences of div as they are linked by an Instance edge. 

Continuing in this way, we obtain the following logic program for which we have 
to show termination w.r.t. the set of queries {divA(ti,i2j^3) | ^1,^2 are ground}, as 
specified by the knowledge base in the root node A. 

divA(o,r4,o). 
divA(T5,r6,s(T9)) ^ sub„(r5,T6,rio),divA(rio,r6,r9). (13) 

diVA(T5,r6,s(T7)) ^ sub„(r5,T6,r8). 
sub„(s(r9),s(Tio),rii) ^ subE(T9,Tio,Tn). 
subE(0,Ti2,0). 

SUbE(ri2,0,Ti2). 

subE(s(Ti2),s(Ti3),ri4) ^ subE(ri2,ri3,ri4). 

Virtually all existing methods and tools for proving termination of logic programs 
succeed on this definite logic program. Hence, by our pre-processing technique, 



Automated Termination Analysis for Logic Programs with Cut 



13 



termination of programs with cut like Ex. [T] can be proved automatically. 

In general, to convert a node n into an atom, we use a function Ren. Ren(n) has 
the form p„ [Xi , . . . , X„) where p„ is a fresh predicate symbol for the node n (except 
if n is an Instance node) and Xi,. . . ,Xn are all variables in n. This renaming 
allows us to use different predicate symbols for different nodes. For example, the 
cut-free logic program above would not terminate if we identified subc and sube. 
The reason is that subo only succeeds if its first and second argument start with "s" . 
Hence, if the intermediate body atom subD(T'5, Tq,Tiq) of Clause (13) succeeds, then 
the "number Tio" will always be strictly smaller than the "number Ts". Finally, 
Ren allows us to represent a whole state by just one atom, even if this state consists 
of a non- atomic goal or a backtracking sequence with several elements. 

The only remaining problem is that paths may contain evaluations for several 
alternative backtracking goals of the same case analysis. Substitutions that corre- 
spond to "earlier" alternatives must not be regarded when instantiating the head 
of the new clause. The reason is that backtracking undoes the substitutions of pre- 
vious evaluations. Thus, we collect the substitutions on the path starting with the 
substitution applied last. Here, we always keep track of the mark d corresponding to 
the last EvAL node. Substitutions that belong to earlier alternatives of the current 
case analysis are disregarded when constructing the new cut-free program. These 
earlier alternatives can be identified easily, since they have marks m with m > d. 



Example 5 

Consider the following program and the termination 
graph for the state (p(ri); (0, 0)) on the side. Here, we 
omitted the knowledge bases to ease readability. 



p(ri) 



p(TiP|p(TiP 



Ti/f(T2) 



q(r2) I pfTipl 



qCT^PlptTiP 



T2/a 



p(TiP 



I P(TiP 



p(TiP 



p(riP 



p(f(X)) ^ q{X). (14) q(a). (16) 

p(g(X)) ^ r{X). (15) r(b). (17) 

This graph contains clause paths from A to B and from 
A to C. For every clause path, we collect the relevant sub- 
stitutions step by step, starting from the end of the path. 
So for the first clause path we start with {T2/a}. This sub- 
stitution results from an EvAL node for the goal q{T2]^ 
with mark d = 2. Hence, for the first clause path we only 
collect further substitutions that result from EvAL nodes ^i /Bel's) 
with marks smaller than d — 2. Since the next substitu- 
tion {Ti/f(T'2)} results from an EvAL node with mark 1, 
we finally obtain {Ti/f(T2)} o {T2/a} which leads to the 
fact p(f (a)) in the resulting logic program. For the second 
clause path from A to C, we start with {Ts/b} which re- 
sults from an EvAL node with mark d ~ 3. When moving 
upwards in the tree, the substitution {ri/g(r3)} also has 
to be collected, since it results from an EvAL node with 
mark 1. Thus, we now set d = 1. When moving upwards, we reach further substi- 
tutions, but they result from EvAL nodes with marks 2 and 1. These substitutions 



r(T3) 



KTaP 



Ta/b 
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are not collected, since they correspond to earlier alternatives of this case analysis. 
Hence, we just obtain the substitution {Ti/g(r3)} o {Ta/b} for the second clause 
path, which yields the fact p(g(b)) in the resulting logic program. 

If we disregarded the marks when collecting substitutions, the second clause path 
would result in {Ti/f (T2)}o{r2/a}o{Ti/g(r3)}o{r3/b} instead. But then we would 
get the same fact p(f(a)) as from the first clause path. So the new logic program 
would not simulate all derivations represented in the termination graph. 

Now we formally define the cut-free logic program Vg and the corresponding 
class of queries Qq resulting from a termination graph G. If Vg is terminating for 
all queries from Qq, then the root state of G is terminating w.r.t. the original logic 
program (possibly containing cuts). 

Definition 12 {Logic Programs and Queries from Termination Graph) 
Let G be a termination graph whose root n is {p{Ti, ...,Tm);{{Tii, ...,Ti^},0)). We 
define Vg = U^ clause path in g Clause{Ti) and Qg = {p„(ti, ...,i„) | t,,,...,t^^ 
are ground}. Here, Pn is a new predicate which results from translating the node n 
into a clause. For a path tt = ni...nk, let Glause{Tr) = Ren{ni)a.„^oo ^ Itt , Ren^Uk) ■ 
For n G Suc(G), Ren{n) is D and for n e Instance(G), it is Ren{Succ{l,n))fi 
where /i is the substitution associated with the Instance node n. Otherwise, 
Ren{n) is p„(V(n)) where Pn is a fresh predicate symbol and V{S; KB) = V{S). 

Finally, (T7r,d with d e N U {cxd} and /jr are defined as follows. Here for a path 
TT = ni . . .rij, the substitutions /^ and a are the labels on the outgoing edge of 
nj_i e Split(G) and rtj-i £ Eval(G), respectively, and the mark m results from 
the corresponding node nj_i = ((i, Q)\^\S] KB). 

id if j = 1 

o"ni...nj_i,d A* if rij-i G Split(G), Uj = Succ{2,nj-x) 
,d= { o-ni...nj_i,m u if rij-i G Eval(G'), Uj = Succ{l, Tij-i), and d> m 
o'm...nj_i,d o-\g if rij-i G Eval(G), uj = Succ{l,nj-i), and d<m 
^(Tni...nj_i,d otherwise 

in if j = fc 

Ren{Succ{l,nj))anj...nk,oo, I,ij+i...,i^ if n-,- G SPLlT(G),nj+i = Succ{2,nj) 
/nj + i...nfc otherwise 

So if Uj-i is a Split node, then one has to "collect" the corresponding substitu- 
tion n when constructing the overall substitution ani...n ,d for the path. If Uj-i is 
an EvAL node for the ?7i-th case analysis and Uj is its left successor, then the con- 
struction oiani...nj,d depends on whether we have already collected a corresponding 
substitution for the current case analysis m. If m is smaller than the mark d for 
the last case analysis which contributed to the substitution, then the corresponding 
substitution a of the EvAL rule is collected and d is set to m. Otherwise (if d < m), 
one only collects the part crlg of the substitution that concerns those abstract vari- 
ables that stand for ground terms. The definition of the intermediate body atoms 
/jr ensures that derivations in Vg only reach the second child of a Split node if 
the first child of the Split node could successfully be proved. 

Thm. [3] proves the soundness of our approach. So termination of the cut-free 
program Vg implies termination of the original program V. (However as shown in 
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( Schneider-Kamp et al. 20101, the converse does not hold.) 



Theorem 3 (Soundness) 

Let G be a proper termination graph for V whose root is {p(Ti, ..., Tm), {{Ti^ , ..., Ti^ }, 
0)). If Vg terminates for all queries in Qg, then all concretizations of G's root 
state have only finite state-derivations. In other words, then all queries from the 
set {p{ti, . . . ,tm,) I ti^,. . . ,ti^ are ground} terminate w.r.t. V. 

6 Experiments and Conclusions 

We introduced a pre-processing method to eliminate cuts. Afterwards, any tech- 
nique for proving universal termination of logic programming can be applied. Thus, 
termination of logic programs with cuts can now be analyzed automatically. 

We implemented this pre-processing in our tool AProVE (jGiesl et al. 2006]) and 
performed extensive experiments which show that now we can indeed prove termi- 
nation of typical logic programs with cut fully automatically. The implementation 
is not only successful for programs like Ex. [U but also for programs using operators 
like negation as failure or if then else which can be expressed using cuts. While 
AProVE was already very powerful for termination analysis of definite logic pro- 



grams ( Schneider-Kamp et al. 2009 1 , our pre-processing method strictly increases 
its power. For our experiments, we used the Termination Problem Database (TPDB) 
of the annual International Termination Competition.^ Since up to now, no tool had 
special support for cuts, the previous versions of the TPDB did not contain any pro- 
grams with cuts. Therefore, we took existing cut-free examples from the TPDB and 
added cuts in a natural way. In this way, we extended the TPDB by 104 typical pro- 
grams with cuts (directory LP/CUT). Of these, 10 are known to be non-terminating. 
Up to now, termination tools treated cuts by simply ignoring them and by trying to 
prove termination of the program that results from removing the cuts. This is sen- 
sible, since cuts are not always needed for termination. Indeed, a version of AProVE 
that ignores cuts and does not use our pre-processing can show termination of 10 of 
the 94 potentially terminating examples. Other existing termination tools would not 
yield much better results, since AProVE is already the most powerful tool for definite 
logic programming (as shown by the experiments in ( |Schneider-Kamp et al. 2009D ) 
and since most of the remaining 84 examples do not terminate anymore if one re- 
moves the cut. In contrast, with our new pre-processing, AProVE proves termination 
of 78 examples (i.e., 83% of the potentially terminating examples). This shows that 
our contributions are crucial for termination analysis of logic programs with cuts. 
Nevertheless, there is of course room for further improvements (e.g., one could de- 
velop alternative techniques to generate cut-free clauses from the termination graph 
in order to improve the performance on examples which encode existential termi- 
nation). To experiment with our implementation and for further details, we refer 
tO |http: //aprove . inf ormatik.rwth-aachen.de/eval/Cut/[ 

Acknowledgements. We thank the referees for many helpful remarks. 
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